Why Security Questions may be bad news

05. January 2012 · Write a comment · Categories: Security · Tags: , ,

article by Andrew Malek

If you have a web-based services like social networking sites, message boards, or online banking applications, you probably had to register as a user. This is sometimes a lengthy process and requires you to enter your username and password (or get one assigned to you), we get some sense of security to the service.

So good passwords (not the word “computer” or “secret”) can be almost impossible to remember (like ten characters, letters, numbers and punctuation), many services are now using the “secret question” You can answer if your username / password and, if necessary, restore or reset. By providing a safety issue, these services help to ensure that it really is a request for login information.

Some sites may require up to safety, and a password every time you meet them they should be used with a second level of security.

Security issues are usually things that are comfortable, you can only retrieve data that must be maintained. Some common examples are as follows:

* * It was the first school, mother’s maiden name, first name * Pet * When the husband was the first time I met

Some sites force you to question advance to answer the most popular is your mother’s maiden name. Others offer a list of questions for you to choose, but some people might, you can create your own questions and answers. This allows you to provide personal information such as name of a favorite musical group, the name you have entered a pet rock or a wall poster cards that you asked a child.

Unfortunately, the answers to the questions, a number of security updates are well known, easily guessed, will be online, or can be found in public records or private detective (and if someone really wants to get into your account they go through a lot of trouble). Thus, if either of these questions are offered to a different level of security to offer, or the need for customer service representatives, otherwise check the identity when you request a new password elimination, leading to all sorts of problems.

Especially when the only certainty is required to obtain or reset your password, or even a combination of a security question, and other pieces of personal information, if someone can guess or get answers to your questions, it’s free Game Account!

Such a secret question and answer hacking can and has influenced many people, including the famous people. For example, reports that the 2008 Republican vice presidential candidate Sarah Palin’s email account was violated when someone claims a few questions answered during the call for a password. The questions were her birthday, zip code, and where she met her husband (Wasilla High), information about the network, or easy to guess.

Now that you know how easy it can be accessible to others via the secret question, you can protect against?

* If the opportunity to choose the most obscure question of safety is provided to select or write your own question and answer, if this function is available. Choose something you and only you can know – what you’re positive is not available in public documents, a Facebook page, or elsewhere online. Never use your mother’s maiden name, social security number or place of birth, because they either can not be found or have other security and privacy issues, if someone does not hack the account and read the answers to security questions.

* Use different security questions for each service. No matter how confident you’ve created an account, it may be due to lackluster security procedures of the Web service provider, or even due to an inside job to get hacked. Someone could read the answers to questions safety and use it to your accounts on other sites!

* Note the handling of the security question on the second password. You can encrypt the response is replaced by the letter “O” and the number 0, the letter “L” and the number 1, the letter “” with the @ sign, etc., but as dictionary attacks become more sophisticated , may be less effective. Or “crazy” and make stupid answers like passwords as letters, numbers and punctuation.

disadvantage of this method is that the answer may be impossible to remember, so you need somewhere to store. And if you do not forget your secret question answer or can not find it, you’ll never be able to change the password! As in the best possible customer service, you can play or a copy of ID to prove your identity to send. These processes can be a long, difficult, for instance if you want to use online banking to your program bill today. And remember that some sites you may have your secret question answer every time you log on, not only should you forget your password.

Although the security of the site the user account used only for the login ID and password, run, security issues are very common, especially in authenticating the user to retrieve a lost password. If you are forced to answer such a question, try to get the most obscure information as possible to get so it is not easily guessed or found. Using a variety of questions regarding the safety of all site not hack your account and read the answers. Finally, consider treating your secret password question and half, so it is mysterious, that difficult to hack. Security problems have become a contemporary reality of the Internet, so learn how to use them in your favor.

Copyright 2009 Andrew Malek.


Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>